{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T13:58:17.983","vulnerabilities":[{"cve":{"id":"CVE-2023-38691","sourceIdentifier":"security-advisories@github.com","published":"2023-08-04T17:15:11.063","lastModified":"2024-11-21T08:14:03.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrix:matrix-appservice-bridge:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"8.1.2","matchCriteriaId":"DC6F33A1-2DFE-4F73-8C67-45C4782AC792"},{"vulnerable":true,"criteria":"cpe:2.3:a:matrix:matrix-appservice-bridge:9.0.0:*:*:*:*:node.js:*:*","matchCriteriaId":"40415786-C971-407F-9E51-9C5203B4F2CB"}]}]}],"references":[{"url":"https://github.com/matrix-org/matrix-appservice-bridge/commit/4c6723a5e7beda65cdf1ae5dbb882e8beaac8552","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-vc7j-h8xg-fv5x","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/matrix-org/matrix-appservice-bridge/commit/4c6723a5e7beda65cdf1ae5dbb882e8beaac8552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/matrix-org/matrix-appservice-bridge/security/advisories/GHSA-vc7j-h8xg-fv5x","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}